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- The MAILING DATE of this communication appoars on the cover sheet with the correspondence address -• 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply Is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )H Responsive to communication(s) filed on 04 Mav 2001 . 
2a)n This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-12 is/are pending in the application. 

4a) Of the above claim{s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

d)M Claim(s) M2 is/are rejected, 

7) D Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 04 Mav 2001 is/are: a)|3 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing{s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required If the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) n The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sherer 
(U.S. Patent No. 6.1 1 5.376) in view of Frantz (U.S. Patent No. 6.697.943 B1 ). 

3. Referring to claim 1 , Sherer discloses a medium access control address 
authentication (see abstract and Fig. 4). Sherer teaches a plurality of ports adapted for 
connection to respective MAC layer devices includes storing authentication data in the 
star configured interconnection device that maps MAC addresses of end stations in the 
network to particular ports on the star configured interconnection device. Upon receiving 
a packet on a particular port, the process involves determining whether the packet 
carries a source address, which the authentication data maps to the particular port. If 
the packet carries a source address, which the authentication data maps to the 
particular port, then the packet is accepted. If the packet does not carry a source MAC 
address, which the authentication maps to the port, then an authentication protocol is 
executed on the port to determine whether the MAC address originates from an 
authorized sender according to the authentication protocol (see abstract). According to 
Sherer, network devices learn the segments of the network on which to find certain 
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MAC addresses. Thus, by using the MAC address of another device, an end station is 
capable of fooling the network so that packets destined to the end station that it is 
minnicking, are routed to the mimic. An unscrupulous user spoofing another packet can 
introduce unwanted data such as computer viruses into a packet stream being 
transmitted from the end station, or hijack a user's network session and gain 
unauthorized access to other system resources (see column 1 , lines 50-65). 
Therefore, Sherer solves the same problem as claim 1 . 

4. Referring to the independent claims 1 the limitation "receiving a message by 
the network-addressable device" is met by a packet (102 In Fig 4,), which is transmitted 
to interconnection device (100). The limitation "detecting a communication protocol 
violation ... , wherein the communication protocol violation is indicative of activity of a 
spoofing vandal using an identity of the network-addressable device..." is met by 
teaching that upon receiving a packet on a particular port, the process involves 
determining whether the packet carries a source address, which the authentication data 
maps to the particular port (see abstract). Sherer, however does not explicitly teach 
generating a spoofing alert upon detection of protocol violation. Referring to claim 1, 
Franz teaches generating spoof control packet, setting the alerts and discarding the 
packets (see abstract and Fig. 3, blocks 340 and 399). Therefore at the time the 
invention was made, it would have been obvious to one of ordinary skill in the art, to 
modify a system for access control address authentication of Sherer by generating a 
spoofing alert as taught in Frantz. One of ordinary skill in the art would have been 
motivated to modify a system for access control address authentication by generating a 
spoofing alert as taught in Frantz for discarding the packet (see Frantz, Fig. 5). 
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5. Claims 2-1 2 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Sherer (U.S. Patent No. 6.1 1 5.376) in view of Stern (U.S. Patent No. 5.935.249) and 
further in view of Frantz (U.S. Patent No. 6.697.943 B1). 

6. Referring to the instant claims, Sherer discloses a medium access control 
address authentication (see abstract and Fig. 4). Sherer teaches a plurality of ports 
adapted for connection to respective MAC layer devices includes storing authentication 
data in the star configured interconnection device that maps MAC addresses of end 
stations in the network to particular ports on the star configured interconnection device. 
Upon receiving a packet on a particular port, the process involves determining whether 
the packet carries a source address, which the authentication data maps to the 
particular port. If the packet carries a source address, which the authentication data 
maps to the particular port, then the packet is accepted. If the packet does not carry a 
source MAG address, which the authentication maps to the port, then an authentication 
protocol is executed on the port to determine whether the MAC address originates from 
an authorized sender according to the authentication protocol (see abstract). 
According to Sherer, network devices learn the segments of the network on which to 
find certain MAC addresses. Thus, by using the MAC address of another device, an end 
station is capable of fooling the network so that packets destined to the end station that 
it is mimicking, are routed to the mimic. An unscrupulous user spoofing another packet 
can introduce unwanted data such as computer viruses into a packet stream being 
transmitted from the end station, or hijack a user's network session and gain 
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unauthorized access to other system resources (see column 1 , lines 50-65). 
Therefore, Sherer solves the same problem as claimed invention. 

7. Referring to the independent claim 2, the limitation "receiving a message by 

the network-addressable device" is met by a packet (102 In Fig 4.), which is transmitted 
to interconnection device (100). The limitation " detecting a communication protocol 
violation wherein the communication protocol violation is indicative of activity of a 
spoofing vandal using an identity of the network-addressable device..." is met by 
teaching that upon receiving a packet on a particular port, the process involves 
determining whether the packet carries a source address, which the authentication data 
maps to the particular port (see abstract). The limitation "recording attributes of the 
message" is met by storing the atthbutes in PORT/MAC table (see Fig.4). Sherer, 
however, does not explicitly teach advancing the value of a counter associated with the 
target and comparing the value of the counter with a predetermined threshold. 

8. Referring to the instant claims Stern discloses secure network management function 
(see abstract). Stern teaches a counter for storing a counter value and the 
authentication routine for verifying the identity of a user (see column 15, lines 23-25). 
Stern also teaches checking a value associated with the counter and issuing 
authorization command if the counter value exceeds a threshold value (see column 16, 
lines 35-40). Stern, however, does not explicitly teach the command being a spoofing 
alert. Referring to the instant claims, Franz teaches generating spoof control packet, 
setting the alerts and discarding the packets (see abstract and Fig. 3, blocks 340 and 
399). Therefore at the time the invention was made, it would have been obvious to one 
of ordinary skill in the art, to modify a system for access control address authentication 
of Sherer by using the counter and comparing the value of the counter with the 
threshold as taught in Stern and generating a spoofing alert as taught in Frantz. One of 
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ordinary skill in the art would have been nnotivated to modify a system for access control 
address authentication by using the counter and comparing the value of the counter 
with the threshold as taught in Stern for issuing the authorization command (see Stern 
column 16, lines 39-40) and generating a spoofing alert as taught in Frantz for 
discarding the packet (see Frantz, Fig. 5). 

9. Referring to claims 3-5 and 9, it is well known in the art of network administration to 
send the alert to a network administrator, for example Windows NT over TCP/IP 
system use administration alerts. One of ordinary skill in the art would have been 
motivated to send the spoofing alert to the network administrator for taking an 
appropriate action such as blocking the IP address of a sender. 

10. Referring to claim 6, the limitation "blocking the message" is met by discarding the 
packet (see Frantz, Fig.5). 

11 . Referring to claims 7 and 8, the "spoofing logbook database" is met by 
PORT/MAC tables (see Sherer, Fig. 4 unit 100). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Grigory Gurshman whose telephone number is (703) 
306-2900. The examiner can normally be reached on 9 AM-5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor. Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding tlie status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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